• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2009-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains GATT database building and query functions
22  *
23  ******************************************************************************/
24 
25 #include "bt_target.h"
26 
27 #if BLE_INCLUDED == TRUE
28 
29 #include "bt_trace.h"
30 
31 #include <stdio.h>
32 #include <string.h>
33 #include "gatt_int.h"
34 #include "l2c_api.h"
35 
36 /********************************************************************************
37 **              L O C A L    F U N C T I O N     P R O T O T Y P E S            *
38 *********************************************************************************/
39 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
40 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, UINT16 uuid16, UINT8 *p_uuid128, tGATT_PERM perm);
41 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
42 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
43 
44 static void gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri);
45 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
46                                                 UINT16 handle, UINT16 offset, UINT32 trans_id);
47 
48 /*******************************************************************************
49 **
50 ** Function         gatts_init_service_db
51 **
52 ** Description      This function initialize a memory space to be a service database.
53 **
54 ** Parameter        p_db: database pointer.
55 **                  len: size of the memory space.
56 **
57 ** Returns          Status of te operation.
58 **
59 *******************************************************************************/
gatts_init_service_db(tGATT_SVC_DB * p_db,tBT_UUID service,BOOLEAN is_pri,UINT16 s_hdl,UINT16 num_handle)60 BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID service,  BOOLEAN is_pri,
61                                UINT16 s_hdl, UINT16 num_handle)
62 {
63     if (!allocate_svc_db_buf(p_db))
64     {
65         GATT_TRACE_ERROR0("gatts_init_service_db failed, no resources");
66         return FALSE;
67     }
68 
69     GATT_TRACE_DEBUG0("gatts_init_service_db");
70     GATT_TRACE_DEBUG2("s_hdl = %d num_handle = %d", s_hdl, num_handle );
71 
72     /* update service database information */
73     p_db->next_handle   = s_hdl;
74     p_db->end_handle    = s_hdl + num_handle;
75 
76     gatts_db_add_service_declaration(p_db, service, is_pri);
77 
78     return TRUE;
79 }
80 
81 /*******************************************************************************
82 **
83 ** Function         gatts_init_service_db
84 **
85 ** Description      This function initialize a memory space to be a service database.
86 **
87 ** Parameter        p_db: database pointer.
88 **                  len: size of the memory space.
89 **
90 ** Returns          Status of te operation.
91 **
92 *******************************************************************************/
gatts_get_service_uuid(tGATT_SVC_DB * p_db)93 tBT_UUID * gatts_get_service_uuid (tGATT_SVC_DB *p_db)
94 {
95     if (!p_db || !p_db->p_attr_list)
96     {
97         GATT_TRACE_ERROR0("service DB empty");
98 
99         return NULL;
100     }
101     else
102     {
103         return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid;
104     }
105 }
106 
107 /*******************************************************************************
108 **
109 ** Function         gatts_check_attr_readability
110 **
111 ** Description      check attribute readability
112 **
113 ** Returns          status of operation.
114 **
115 *******************************************************************************/
gatts_check_attr_readability(tGATT_ATTR16 * p_attr,UINT16 offset,BOOLEAN read_long,tGATT_SEC_FLAG sec_flag,UINT8 key_size)116 static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
117                                                  UINT16 offset,
118                                                  BOOLEAN read_long,
119                                                  tGATT_SEC_FLAG sec_flag,
120                                                  UINT8 key_size)
121 {
122     UINT16          min_key_size;
123     tGATT_PERM      perm = p_attr->permission;
124 
125     min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
126     if (min_key_size != 0 )
127     {
128         min_key_size +=6;
129     }
130 
131     if (!(perm & GATT_READ_ALLOWED))
132     {
133         GATT_TRACE_ERROR0( "GATT_READ_NOT_PERMIT");
134         return GATT_READ_NOT_PERMIT;
135     }
136 
137     if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
138         !(sec_flag & BTM_SEC_FLAG_ENCRYPTED))
139     {
140         GATT_TRACE_ERROR0( "GATT_INSUF_AUTHENTICATION");
141         return GATT_INSUF_AUTHENTICATION;
142     }
143 
144     if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
145     {
146         GATT_TRACE_ERROR0( "GATT_INSUF_AUTHENTICATION: MITM Required");
147         return GATT_INSUF_AUTHENTICATION;
148     }
149 
150     if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
151     {
152         GATT_TRACE_ERROR0( "GATT_INSUF_ENCRYPTION");
153         return GATT_INSUF_ENCRYPTION;
154     }
155 
156     if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
157     {
158         GATT_TRACE_ERROR0( "GATT_INSUF_KEY_SIZE");
159         return GATT_INSUF_KEY_SIZE;
160     }
161 
162 
163     if (read_long)
164     {
165         switch (p_attr->uuid)
166         {
167             case GATT_UUID_PRI_SERVICE:
168             case GATT_UUID_SEC_SERVICE:
169             case GATT_UUID_CHAR_DECLARE:
170             case GATT_UUID_INCLUDE_SERVICE:
171             case GATT_UUID_CHAR_EXT_PROP:
172             case GATT_UUID_CHAR_CLIENT_CONFIG:
173             case GATT_UUID_CHAR_SRVR_CONFIG:
174             case GATT_UUID_CHAR_PRESENT_FORMAT:
175                 GATT_TRACE_ERROR0("GATT_NOT_LONG");
176                 return GATT_NOT_LONG;
177 
178             default:
179                 break;
180         }
181     }
182 
183     return GATT_SUCCESS;
184 }
185 
186 /*******************************************************************************
187 **
188 ** Function         read_attr_value
189 **
190 ** Description      Utility function to read an attribute value.
191 **
192 ** Parameter        p_attr: pointer to the attribute to read.
193 **                  offset: read offset.
194 **                  p_value: output parameter to carry out the attribute value.
195 **                  p_len: output parameter to carry out the attribute length.
196 **                  read_long: this is a read blob request.
197 **                  mtu: MTU
198 **                  sec_flag: current link security status.
199 **                  key_size: encryption key size.
200 **
201 ** Returns          status of operation.
202 **
203 *******************************************************************************/
read_attr_value(void * p_attr,UINT16 offset,UINT8 ** p_data,BOOLEAN read_long,UINT16 mtu,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)204 static tGATT_STATUS read_attr_value (void *p_attr,
205                                      UINT16 offset,
206                                      UINT8 **p_data,
207                                      BOOLEAN read_long,
208                                      UINT16 mtu,
209                                      UINT16 *p_len,
210                                      tGATT_SEC_FLAG sec_flag,
211                                      UINT8 key_size)
212 {
213     UINT16          len = 0, uuid16 = 0;
214     UINT8           *p = *p_data;
215     tGATT_STATUS    status;
216     UINT16          read_long_uuid=0;
217     tGATT_ATTR16    *p_attr16  = (tGATT_ATTR16  *)p_attr;
218 
219     GATT_TRACE_DEBUG5("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d",
220                       p_attr16->uuid,
221                       p_attr16->permission,
222                       sec_flag,
223                       offset,
224                       read_long);
225 
226     status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);
227 
228     if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
229         uuid16 = p_attr16->uuid;
230 
231     if (status != GATT_SUCCESS)
232         return status;
233 
234     status = GATT_NO_RESOURCES;
235 
236     if (read_long &&
237         (uuid16 == GATT_UUID_CHAR_DESCRIPTION || uuid16 == GATT_UUID_CHAR_AGG_FORMAT))
238     {
239         read_long_uuid = p_attr16->uuid;
240     }
241 
242     if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE)
243     {
244         len = p_attr16->p_value->uuid.len;
245         if (mtu >= p_attr16->p_value->uuid.len)
246         {
247             gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
248             status = GATT_SUCCESS;
249         }
250     }
251     else if (uuid16 == GATT_UUID_CHAR_DECLARE)
252     {
253         len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 :19;
254 
255         if (mtu >= len)
256         {
257             UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
258             UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);
259 
260             if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16)
261             {
262                 UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
263             }
264             else
265             {
266                 ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
267             }
268             status = GATT_SUCCESS;
269         }
270 
271     }
272     else if (uuid16 == GATT_UUID_INCLUDE_SERVICE)
273     {
274         len = (p_attr16->p_value->incl_handle.service_type.len == 2) ? 6 : 4;
275         if (mtu >= len)
276         {
277             UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
278             UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);
279 
280             if (p_attr16->p_value->incl_handle.service_type.len == 2)
281             {
282                 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
283             }
284             status = GATT_SUCCESS;
285         }
286     }
287     else /* characteristic description or characteristic value */
288     {
289         status = GATT_PENDING;
290     }
291 
292     *p_len = len;
293     *p_data = p;
294     return status;
295 }
296 
297 /*******************************************************************************
298 **
299 ** Function         gatts_db_read_attr_value_by_type
300 **
301 ** Description      Query attribute value by attribute type.
302 **
303 ** Parameter        p_db: pointer to the attribute database.
304 **                  p_rsp: Read By type response data.
305 **                  s_handle: starting handle of the range we are looking for.
306 **                  e_handle: ending handle of the range we are looking for.
307 **                  type: Attribute type.
308 **                  mtu: MTU.
309 **                  sec_flag: current link security status.
310 **                  key_size: encryption key size.
311 **
312 ** Returns          Status of the operation.
313 **
314 *******************************************************************************/
gatts_db_read_attr_value_by_type(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,BT_HDR * p_rsp,UINT16 s_handle,UINT16 e_handle,tBT_UUID type,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id,UINT16 * p_cur_handle)315 tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB   *p_tcb,
316                                                tGATT_SVC_DB    *p_db,
317                                                UINT8        op_code,
318                                                BT_HDR      *p_rsp,
319                                                UINT16       s_handle,
320                                                UINT16       e_handle,
321                                                tBT_UUID     type,
322                                                UINT16      *p_len,
323                                                tGATT_SEC_FLAG sec_flag,
324                                                UINT8        key_size,
325                                                UINT32       trans_id,
326                                                UINT16       *p_cur_handle)
327 {
328     tGATT_STATUS status = GATT_NOT_FOUND;
329     tGATT_ATTR16  *p_attr;
330     UINT16      len = 0;
331     UINT8       *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
332     tBT_UUID    attr_uuid;
333 
334     if (p_db && p_db->p_attr_list)
335     {
336         p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
337 
338         while (p_attr && p_attr->handle <= e_handle)
339         {
340             if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
341             {
342                 attr_uuid.len = LEN_UUID_16;
343                 attr_uuid.uu.uuid16 = p_attr->uuid;
344             }
345             else
346             {
347                 attr_uuid.len = LEN_UUID_128;
348                 memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
349             }
350 
351             if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid))
352             {
353                 if (*p_len <= 2)
354                 {
355                     status = GATT_NO_RESOURCES;
356                     break;
357                 }
358 
359                 UINT16_TO_STREAM (p, p_attr->handle);
360 
361                 status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len -2), &len, sec_flag, key_size);
362 
363                 if (status == GATT_PENDING)
364                 {
365                     status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id);
366 
367                     /* one callback at a time */
368                     break;
369                 }
370                 else if (status == GATT_SUCCESS)
371                 {
372                     if (p_rsp->offset == 0)
373                         p_rsp->offset = len + 2;
374 
375                     if (p_rsp->offset == len + 2)
376                     {
377                         p_rsp->len += (len  + 2);
378                         *p_len -= (len + 2);
379                     }
380                     else
381                     {
382                         GATT_TRACE_ERROR0("format mismatch");
383                         status = GATT_NO_RESOURCES;
384                         break;
385                     }
386                 }
387                 else
388                 {
389                     *p_cur_handle = p_attr->handle;
390                     break;
391                 }
392             }
393             p_attr = (tGATT_ATTR16 *)p_attr->p_next;
394         }
395     }
396 
397     return status;
398 }
399 
400 /*******************************************************************************
401 **
402 ** Function         gatts_add_included_service
403 **
404 ** Description      This function adds an included service into a database.
405 **
406 ** Parameter        p_db: database pointer.
407 **                  inc_srvc_type: included service type.
408 **
409 ** Returns          Status of the operation.
410 **
411 *******************************************************************************/
gatts_add_included_service(tGATT_SVC_DB * p_db,UINT16 s_handle,UINT16 e_handle,tBT_UUID service)412 UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
413                                    tBT_UUID service)
414 {
415     tGATT_ATTR16      *p_attr;
416 
417     GATT_TRACE_DEBUG3("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
418                       s_handle, e_handle, service.uu.uuid16);
419 
420     if (service.len == 0 || s_handle == 0 || e_handle == 0)
421     {
422         GATT_TRACE_ERROR0("gatts_add_included_service Illegal Params.");
423         return 0;
424     }
425 
426     if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, GATT_UUID_INCLUDE_SERVICE, NULL, GATT_PERM_READ)) != NULL)
427     {
428         if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC)))
429         {
430             p_attr->p_value->incl_handle.s_handle = s_handle;
431             p_attr->p_value->incl_handle.e_handle = e_handle;
432             memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));
433 
434             return p_attr->handle;
435         }
436         else
437         {
438             deallocate_attr_in_db(p_db, p_attr);
439         }
440     }
441 
442     return 0;
443 }
444 
445 /*******************************************************************************
446 **
447 ** Function         gatts_add_characteristic
448 **
449 ** Description      This function add a characteristics and its descriptor into
450 **                  a servce identified by the service database pointer.
451 **
452 ** Parameter        p_db: database pointer.
453 **                  perm: permission (authentication and key size requirements)
454 **                  property: property of the characteristic.
455 **                  p_char: characteristic value information.
456 **
457 ** Returns          Status of te operation.
458 **
459 *******************************************************************************/
gatts_add_characteristic(tGATT_SVC_DB * p_db,tGATT_PERM perm,tGATT_CHAR_PROP property,tBT_UUID * p_char_uuid)460 UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
461                                  tGATT_CHAR_PROP property,
462                                  tBT_UUID * p_char_uuid)
463 {
464     tGATT_ATTR16     *p_char_decl, *p_char_val;
465     UINT16          uuid16 = (p_char_uuid->len == LEN_UUID_16) ? p_char_uuid->uu.uuid16 : 0;
466 
467     GATT_TRACE_DEBUG2("gatts_add_characteristic perm=0x%0x property=0x%0x", perm, property);
468 
469     if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, GATT_UUID_CHAR_DECLARE, NULL, GATT_PERM_READ)) != NULL)
470     {
471         if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL)))
472         {
473             deallocate_attr_in_db(p_db, p_char_decl);
474             return 0;
475         }
476 
477         p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, uuid16, p_char_uuid->uu.uuid128, perm);
478 
479         if (p_char_val == NULL)
480         {
481             deallocate_attr_in_db(p_db, p_char_decl);
482             return 0;
483         }
484 
485         p_char_decl->p_value->char_decl.property = property;
486         p_char_decl->p_value->char_decl.char_val_handle  = p_char_val->handle;
487 
488         p_char_val->p_value = NULL;
489 
490         return p_char_val->handle;
491     }
492 
493     return 0;
494 }
495 
496 /*******************************************************************************
497 **
498 ** Function         gatt_convertchar_descr_type
499 **
500 ** Description      This function convert a char descript UUID into descriptor type.
501 **
502 ** Returns          descriptor type.
503 **
504 *******************************************************************************/
gatt_convertchar_descr_type(tBT_UUID * p_descr_uuid)505 UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
506 {
507     tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
508 
509     if (gatt_uuid_compare(std_descr, * p_descr_uuid))
510         return GATT_DESCR_EXT_DSCPTOR;
511 
512     std_descr.uu.uuid16 ++;
513     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
514         return GATT_DESCR_USER_DSCPTOR;
515 
516     std_descr.uu.uuid16 ++;
517     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
518         return GATT_DESCR_CLT_CONFIG;
519 
520     std_descr.uu.uuid16 ++;
521     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
522         return GATT_DESCR_SVR_CONFIG;
523 
524     std_descr.uu.uuid16 ++;
525     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
526         return GATT_DESCR_PRES_FORMAT;
527 
528     std_descr.uu.uuid16 ++;
529     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
530         return GATT_DESCR_AGGR_FORMAT;
531 
532     std_descr.uu.uuid16 ++;
533     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
534         return GATT_DESCR_VALID_RANGE;
535 
536 
537     return GATT_DESCR_UNKNOWN;
538 }
539 
540 /*******************************************************************************
541 **
542 ** Function         gatts_add_char_descr
543 **
544 ** Description      This function add a characteristics descriptor.
545 **
546 ** Parameter        p_db: database pointer.
547 **                  perm: characteristic descriptor permission type.
548 **                  char_dscp_tpye: the characteristic descriptor masks.
549 **                  p_dscp_params: characteristic descriptors values.
550 **
551 ** Returns          Status of the operation.
552 **
553 *******************************************************************************/
gatts_add_char_descr(tGATT_SVC_DB * p_db,tGATT_PERM perm,tBT_UUID * p_descr_uuid)554 UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
555                              tBT_UUID *     p_descr_uuid)
556 {
557     tGATT_ATTR16    *p_char_dscptr;
558     UINT16    uuid16  = (p_descr_uuid->len == LEN_UUID_16)? p_descr_uuid->uu.uuid16 : 0;
559 
560     GATT_TRACE_DEBUG1("gatts_add_char_descr uuid=0x%04x", p_descr_uuid->uu.uuid16);
561 
562     /* Add characteristic descriptors */
563     if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db,
564                                                              uuid16,
565                                                              p_descr_uuid->uu.uuid128,
566                                                              perm))
567         == NULL)
568     {
569         GATT_TRACE_DEBUG0("gatts_add_char_descr Fail for adding char descriptors.");
570         return 0;
571     }
572     else
573     {
574         return p_char_dscptr->handle;
575     }
576 }
577 
578 /*******************************************************************************/
579 /* Service Attribute Database Query Utility Functions */
580 /*******************************************************************************/
581 /*******************************************************************************
582 **
583 ** Function         gatts_read_attr_value_by_handle
584 **
585 ** Description      Query attribute value by attribute handle.
586 **
587 ** Parameter        p_db: pointer to the attribute database.
588 **                  handle: Attribute handle to read.
589 **                  offset: Read offset.
590 **                  p_value: output parameter to carry out the attribute value.
591 **                  p_len: output parameter as attribute length read.
592 **                  read_long: this is a read blob request.
593 **                  mtu: MTU.
594 **                  sec_flag: current link security status.
595 **                  key_size: encryption key size
596 **
597 ** Returns          Status of operation.
598 **
599 *******************************************************************************/
gatts_read_attr_value_by_handle(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_value,UINT16 * p_len,UINT16 mtu,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id)600 tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
601                                              tGATT_SVC_DB *p_db,
602                                              UINT8 op_code,
603                                              UINT16 handle, UINT16 offset,
604                                              UINT8 *p_value, UINT16 *p_len,
605                                              UINT16 mtu,
606                                              tGATT_SEC_FLAG sec_flag,
607                                              UINT8 key_size,
608                                              UINT32 trans_id)
609 {
610     tGATT_STATUS status = GATT_NOT_FOUND;
611     tGATT_ATTR16  *p_attr;
612     UINT8       *pp = p_value;
613 
614     if (p_db && p_db->p_attr_list)
615     {
616         p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
617 
618         while (p_attr && handle >= p_attr->handle)
619         {
620             if (p_attr->handle == handle)
621             {
622                 status = read_attr_value (p_attr, offset, &pp,
623                                           (BOOLEAN)(op_code == GATT_REQ_READ_BLOB),
624                                           mtu, p_len, sec_flag, key_size);
625 
626                 if (status == GATT_PENDING)
627                 {
628                     status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id);
629                 }
630                 break;
631             }
632             p_attr = (tGATT_ATTR16 *)p_attr->p_next;
633         }
634     }
635 
636     return status;
637 }
638 
639 /*******************************************************************************
640 **
641 ** Function         gatts_read_attr_perm_check
642 **
643 ** Description      Check attribute readability.
644 **
645 ** Parameter        p_db: pointer to the attribute database.
646 **                  handle: Attribute handle to read.
647 **                  offset: Read offset.
648 **                  p_value: output parameter to carry out the attribute value.
649 **                  p_len: output parameter as attribute length read.
650 **                  read_long: this is a read blob request.
651 **                  mtu: MTU.
652 **                  sec_flag: current link security status.
653 **                  key_size: encryption key size
654 **
655 ** Returns          Status of operation.
656 **
657 *******************************************************************************/
gatts_read_attr_perm_check(tGATT_SVC_DB * p_db,BOOLEAN is_long,UINT16 handle,tGATT_SEC_FLAG sec_flag,UINT8 key_size)658 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
659                                         BOOLEAN is_long,
660                                         UINT16 handle,
661                                         tGATT_SEC_FLAG sec_flag,
662                                         UINT8 key_size)
663 {
664     tGATT_STATUS status = GATT_NOT_FOUND;
665     tGATT_ATTR16  *p_attr;
666 
667     if (p_db && p_db->p_attr_list)
668     {
669         p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
670 
671         while (p_attr && handle >= p_attr->handle)
672         {
673             if (p_attr->handle == handle)
674             {
675                 status = gatts_check_attr_readability (p_attr, 0,
676                                                        is_long,
677                                                        sec_flag, key_size);
678                 break;
679             }
680             p_attr = (tGATT_ATTR16 *) p_attr->p_next;
681         }
682     }
683 
684     return status;
685 }
686 /*******************************************************************************
687 **
688 ** Function         gatts_write_attr_perm_check
689 **
690 ** Description      Write attribute value into database.
691 **
692 ** Parameter        p_db: pointer to the attribute database.
693 **                  op_code:op code of this write.
694 **                  handle: handle of the attribute to write.
695 **                  offset: Write offset if write op code is write blob.
696 **                  p_data: Attribute value to write.
697 **                  len: attribute data length.
698 **                  sec_flag: current link security status.
699 **                  key_size: encryption key size
700 **
701 ** Returns          Status of the operation.
702 **
703 *******************************************************************************/
gatts_write_attr_perm_check(tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_data,UINT16 len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)704 tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
705                                           UINT16 handle, UINT16 offset, UINT8 *p_data,
706                                           UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
707 {
708     tGATT_STATUS    status = GATT_NOT_FOUND;
709     tGATT_ATTR16    *p_attr;
710     UINT16          max_size = 0;
711     tGATT_PERM      perm;
712     UINT16          min_key_size;
713 
714     GATT_TRACE_DEBUG6( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
715                        op_code, handle, offset, len, sec_flag, key_size);
716 
717     if (p_db != NULL)
718     {
719         p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;
720 
721         while (p_attr != NULL)
722         {
723             if (p_attr->handle == handle)
724             {
725                 perm = p_attr->permission;
726                 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
727                 if (min_key_size != 0 )
728                 {
729                     min_key_size +=6;
730                 }
731                 GATT_TRACE_DEBUG2( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
732                                    p_attr->permission,
733                                    min_key_size);
734 
735                 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE)
736                     && (perm & GATT_WRITE_SIGNED_PERM))
737                 {
738                     /* use the rules for the mixed security see section 10.2.3*/
739                     /* use security mode 1 level 2 when the following condition follows */
740                     /* LE security mode 2 level 1 and LE security mode 1 level 2 */
741                     if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED))
742                     {
743                         perm = GATT_PERM_WRITE_ENCRYPTED;
744                     }
745                     /* use security mode 1 level 3 when the following condition follows */
746                     /* LE security mode 2 level 2 and security mode 1 and LE */
747                     else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
748                               /* LE security mode 2 and security mode 1 level 3 */
749                              ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM)))
750                     {
751                         perm = GATT_PERM_WRITE_ENC_MITM;
752                     }
753                 }
754 
755                 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM))
756                 {
757                     status = GATT_WRITE_NOT_PERMIT;
758                     GATT_TRACE_DEBUG0( "gatts_write_attr_perm_check - sign cmd write not allowed");
759                 }
760                  if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED))
761                 {
762                     status = GATT_INVALID_PDU;
763                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
764                 }
765                 else if (!(perm & GATT_WRITE_ALLOWED))
766                 {
767                     status = GATT_WRITE_NOT_PERMIT;
768                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
769                 }
770                 /* require authentication, but not been authenticated */
771                 else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED))
772                 {
773                     status = GATT_INSUF_AUTHENTICATION;
774                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
775                 }
776                 else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
777                 {
778                     status = GATT_INSUF_AUTHENTICATION;
779                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
780                 }
781                 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
782                 {
783                     status = GATT_INSUF_ENCRYPTION;
784                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
785                 }
786                 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
787                 {
788                     status = GATT_INSUF_KEY_SIZE;
789                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
790                 }
791                 /* LE security mode 2 attribute  */
792                 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
793                 {
794                     status = GATT_INSUF_AUTHENTICATION;
795                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required");
796                 }
797                 else /* writable: must be char value declaration or char descritpors */
798                 {
799                     if(p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
800                     {
801                     switch (p_attr->uuid)
802                     {
803                         case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
804                         case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
805                         case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
806                             case GATT_UUID_CHAR_VALID_RANGE:
807                             status = GATT_WRITE_NOT_PERMIT;
808                             break;
809 
810                         case GATT_UUID_CHAR_CLIENT_CONFIG:
811 /* coverity[MISSING_BREAK] */
812 /* intnended fall through, ignored */
813                             /* fall through */
814                         case GATT_UUID_CHAR_SRVR_CONFIG:
815                             max_size = 2;
816                         case GATT_UUID_CHAR_DESCRIPTION:
817                         default: /* any other must be character value declaration */
818                             status = GATT_SUCCESS;
819                             break;
820                         }
821                     }
822                     else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128)
823                     {
824                          status = GATT_SUCCESS;
825                     }
826                     else
827                     {
828                         status = GATT_INVALID_PDU;
829                     }
830 
831                     if (p_data == NULL && len  > 0)
832                     {
833                         status = GATT_INVALID_PDU;
834                     }
835                     /* these attribute does not allow write blob */
836 // btla-specific ++
837                     else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
838                               (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
839                                p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
840 // btla-specific --
841                     {
842                         if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) /* does not allow write blob */
843                         {
844                             status = GATT_NOT_LONG;
845                             GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_NOT_LONG");
846                         }
847                         else if (len != max_size)    /* data does not match the required format */
848                         {
849                             status = GATT_INVALID_ATTR_LEN;
850                             GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INVALID_PDU");
851                         }
852                         else
853                         {
854                             status = GATT_SUCCESS;
855                         }
856                     }
857                 }
858                 break;
859             }
860             else
861                 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
862         }
863     }
864 
865     return status;
866 }
867 
868 /*******************************************************************************
869 **
870 ** Function         allocate_attr_in_db
871 **
872 ** Description      Allocate a memory space for a new attribute, and link this
873 **                  attribute into the database attribute list.
874 **
875 **
876 ** Parameter        p_db    : database pointer.
877 **                  service : type of attribute to be added.
878 **
879 ** Returns          pointer to the newly allocated attribute.
880 **
881 *******************************************************************************/
allocate_attr_in_db(tGATT_SVC_DB * p_db,UINT16 uuid16,UINT8 * uuid128,tGATT_PERM perm)882 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, UINT16 uuid16, UINT8 *uuid128, tGATT_PERM perm)
883 {
884     tGATT_ATTR16    *p_attr16 = NULL, *p_last;
885     tGATT_ATTR128   *p_attr128 = NULL;
886     UINT16      len = (uuid16 == 0) ? sizeof(tGATT_ATTR128): sizeof(tGATT_ATTR16);
887 
888     GATT_TRACE_DEBUG1("allocate attr %d bytes ",len);
889 
890     if (uuid16 == GATT_ILLEGAL_UUID && uuid128 == NULL)
891     {
892         GATT_TRACE_ERROR0("illegal UUID");
893         return NULL;
894     }
895 
896     if (p_db->end_handle <= p_db->next_handle)
897     {
898         GATT_TRACE_DEBUG2("handle space full. handle_max = %d next_handle = %d",
899                           p_db->end_handle, p_db->next_handle);
900         return NULL;
901     }
902 
903     if (p_db->mem_free < len)
904     {
905         if (!allocate_svc_db_buf(p_db))
906         {
907             GATT_TRACE_ERROR0("allocate_attr_in_db failed, no resources");
908             return NULL;
909         }
910     }
911 
912     p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;
913     p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
914 
915     memset(p_attr16, 0, len);
916 
917     if (uuid16 != GATT_ILLEGAL_UUID)
918     {
919         p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
920         p_attr16->uuid = uuid16;
921     }
922     else
923     {
924         p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
925         memcpy(p_attr128->uuid, uuid128, LEN_UUID_128);
926     }
927 
928     p_db->p_free_mem += len;
929     p_db->mem_free -= len;
930 
931     p_attr16->handle = p_db->next_handle++;
932     p_attr16->permission = perm;
933     p_attr16->p_next = NULL;
934 
935     /* link the attribute record into the end of DB */
936     if (p_db->p_attr_list == NULL)
937         p_db->p_attr_list = p_attr16;
938     else
939     {
940         p_last = (tGATT_ATTR16 *)p_db->p_attr_list;
941 
942         while (p_last != NULL && p_last->p_next != NULL)
943             p_last = (tGATT_ATTR16 *)p_last->p_next;
944 
945         p_last->p_next = p_attr16;
946     }
947 
948     if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
949     {
950         GATT_TRACE_DEBUG3("=====> handle = [0x%04x] uuid = [0x%04x] perm=0x%02x ",
951                           p_attr16->handle, p_attr16->uuid, p_attr16->permission);
952     }
953     else
954     {
955         GATT_TRACE_DEBUG4("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x ",
956                           p_attr128->handle, p_attr128->uuid[0],p_attr128->uuid[1],
957                           p_attr128->permission);
958     }
959     return(void *)p_attr16;
960 }
961 
962 /*******************************************************************************
963 **
964 ** Function         deallocate_attr_in_db
965 **
966 ** Description      Free an attribute within the database.
967 **
968 ** Parameter        p_db: database pointer.
969 **                  p_attr: pointer to the attribute record to be freed.
970 **
971 ** Returns          BOOLEAN: success
972 **
973 *******************************************************************************/
deallocate_attr_in_db(tGATT_SVC_DB * p_db,void * p_attr)974 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
975 {
976     tGATT_ATTR16  *p_cur, *p_next;
977     BOOLEAN     found = FALSE;
978 
979     if (p_db->p_attr_list == NULL)
980         return found;
981 
982     p_cur   = (tGATT_ATTR16 *) p_db->p_attr_list;
983     p_next  = (tGATT_ATTR16 *) p_cur->p_next;
984 
985     for (; p_cur != NULL && p_next != NULL;
986         p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next)
987     {
988         if (p_next == p_attr)
989         {
990             p_cur->p_next = p_next->p_next;
991             found = TRUE;
992         }
993     }
994     if (p_cur == p_attr && p_cur == p_db->p_attr_list)
995     {
996         p_db->p_attr_list = p_cur->p_next;
997         found = TRUE;
998     }
999     /* else attr not found */
1000     if ( found)
1001         p_db->next_handle --;
1002 
1003     return found;
1004 }
1005 
1006 /*******************************************************************************
1007 **
1008 ** Function         copy_extra_byte_in_db
1009 **
1010 ** Description      Utility function to allocate extra bytes memory in DB and copy
1011 **                  the value from a source place.
1012 **
1013 **
1014 ** Parameter        p_db: database pointer.
1015 **                  p_dst: destination data pointer.
1016 **                  p_src: source data pointer.
1017 **                  len: data length to be copied.
1018 **
1019 ** Returns          None.
1020 **
1021 *******************************************************************************/
copy_extra_byte_in_db(tGATT_SVC_DB * p_db,void ** p_dst,UINT16 len)1022 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
1023 {
1024     UINT8 *p = (UINT8 *)*p_dst;
1025 
1026     if (p_db->mem_free < len)
1027     {
1028         if (!allocate_svc_db_buf(p_db))
1029         {
1030             GATT_TRACE_ERROR0("copy_extra_byte_in_db failed, no resources");
1031             return FALSE;
1032         }
1033     }
1034 
1035     p = p_db->p_free_mem;
1036     p_db->p_free_mem += len;
1037     p_db->mem_free -= len;
1038     memset((void *)p, 0, len);
1039     *p_dst = (void *)p;
1040 
1041     return TRUE;
1042 }
1043 
1044 /*******************************************************************************
1045 **
1046 ** Function         allocate_svc_db_buf
1047 **
1048 ** Description      Utility function to allocate extra buffer for service database.
1049 **
1050 ** Returns          TRUE if allocation succeed, otherwise FALSE.
1051 **
1052 *******************************************************************************/
allocate_svc_db_buf(tGATT_SVC_DB * p_db)1053 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
1054 {
1055     BT_HDR  *p_buf;
1056 
1057     GATT_TRACE_DEBUG0("allocate_svc_db_buf allocating extra buffer");
1058 
1059     if ((p_buf = (BT_HDR *)GKI_getpoolbuf(GATT_DB_POOL_ID)) == NULL)
1060     {
1061         GATT_TRACE_ERROR0("allocate_svc_db_buf failed, no resources");
1062         return FALSE;
1063     }
1064 
1065     memset(p_buf, 0, GKI_get_buf_size(p_buf));
1066     p_db->p_free_mem    = (UINT8 *) p_buf;
1067     p_db->mem_free      = GKI_get_buf_size(p_buf);
1068 
1069     GKI_enqueue(&p_db->svc_buffer, p_buf);
1070 
1071     return TRUE;
1072 
1073 }
1074 
1075 /*******************************************************************************
1076 **
1077 ** Function         gatts_send_app_read_request
1078 **
1079 ** Description      Send application read request callback
1080 **
1081 ** Returns          status of operation.
1082 **
1083 *******************************************************************************/
gatts_send_app_read_request(tGATT_TCB * p_tcb,UINT8 op_code,UINT16 handle,UINT16 offset,UINT32 trans_id)1084 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
1085                                                 UINT16 handle, UINT16 offset, UINT32 trans_id)
1086 {
1087     tGATTS_DATA   sr_data;
1088     UINT8       i_rcb;
1089     tGATT_SR_REG *p_sreg;
1090     UINT16   conn_id;
1091 
1092     i_rcb = gatt_sr_find_i_rcb_by_handle(handle);
1093     p_sreg = &gatt_cb.sr_reg[i_rcb];
1094     conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if);
1095 
1096     if (trans_id == 0)
1097     {
1098         trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
1099         gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE);
1100     }
1101 
1102     if (trans_id != 0 )
1103     {
1104         memset(&sr_data, 0, sizeof(tGATTS_DATA));
1105 
1106         sr_data.read_req.handle = handle;
1107         sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
1108         sr_data.read_req.offset = offset;
1109 
1110         gatt_sr_send_req_callback(conn_id,
1111                                   trans_id, GATTS_REQ_TYPE_READ, &sr_data);
1112         return(tGATT_STATUS) GATT_PENDING;
1113     }
1114     else
1115         return(tGATT_STATUS) GATT_BUSY; /* max pending command, application error */
1116 
1117 }
1118 
1119 /*******************************************************************************
1120 **
1121 ** Function         gatts_db_add_service_declaration
1122 **
1123 ** Description      Update a service database service declaration record.
1124 **
1125 ** Parameter        p_db: database pointer.
1126 **                  service: UUID of the service.
1127 **
1128 ** Returns          void
1129 **
1130 *******************************************************************************/
gatts_db_add_service_declaration(tGATT_SVC_DB * p_db,tBT_UUID service,BOOLEAN is_pri)1131 static void gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri)
1132 {
1133     tGATT_ATTR16  *p_attr;
1134     UINT16      service_type = is_pri ? GATT_UUID_PRI_SERVICE: GATT_UUID_SEC_SERVICE;
1135 
1136     GATT_TRACE_DEBUG0( "add_service_declaration");
1137 
1138     /* add service declration record */
1139     if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, service_type, NULL, GATT_PERM_READ))) != NULL)
1140     {
1141         if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID)))
1142         {
1143             memcpy (&p_attr->p_value->uuid, &service, sizeof(tBT_UUID));
1144         }
1145     }
1146 }
1147 
1148 #endif /* BLE_INCLUDED */
1149